Security News

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.

Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. According to notices sent to sellers on Thursday evening, Amazon has now banned Flipper Zero on its platform, tagging it as a "Restricted product."

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. Amazon Linux 2023 is provided at no additional charge.

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets.For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

A critical security flaw has been disclosed in Amazon Elastic Container Registry Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources."This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Hundreds of databases on Amazon Relational Database Service are exposing personal identifiable information, new findings from Mitiga, a cloud incident response company, show. Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services cloud.